While retrieving the ELM Archive in the ESM for current, I got this message: Error: Unable to retrieve ELM archive. The log may have not been sent to the ELM yet
Kindly share and explain to me the log flow diagram in SIEM between the ESM, ERC & ELM devices for better understanding of the SIEM.
Look at this SIEM Foundations: Architecture Primer. I also updated the drawing and posted it back as a comment, as the original drawing did not show that the raw logs are transferred from the Receivers to the ELM.
Also, make sure your ELM Storage Pools are configured correctly and that in the policy you are in fact logging.